CVE-2026-3868
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-3868
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive. Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation. While successful exploitation can severely impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
长度参数不一致性处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Moxa EDR-8010 Series和Moxa EDR-G9010 Series 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Moxa EDR-8010 Series和Moxa EDR-G9010 Series都是中国台湾Moxa公司的一系列安全路由器。 Moxa EDR-8010 Series和Moxa EDR-G9010 Series存在安全漏洞,该漏洞源于HTTPS管理接口中长度参数验证不当,可能导致未经身份验证的远程攻击者发送特制请求触发缓冲区溢出,造成Web服务无响应,需要设备重启恢复。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Moxa | EDR-8010 Series | 1.0 ~ 3.23 | - | |
| Moxa | EDR-G9010 Series | 1.0 ~ 3.23.1 | - |
II. Public POCs for CVE-2026-3868
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-3868
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-130
- CVE-2026-5766
Potential denial-of-service vulnerability in ASGI requests v - CVE-2026-33846
Gnutls: gnutls: denial of service via heap buffer overflow i - CVE-2026-5265
Ovn: ovn: heap over-read in icmp error response generation - - CVE-2026-5367
Ovn: ovn: information disclosure via crafted dhcpv6 packets - CVE-2026-41035
Rsync 安全漏洞
V. Comments for CVE-2026-3868
No comments yet